Arbitrary Code Execution Vulnerability in Windows 2003 and Windows XP

DESCRIPTION
A new vulnerability in Windows 2003 and XP could result in the execution of
arbitrary code on the vulnerable system. This vulnerability is a result of the
way that the Help and Support Center service handles Help Center Protocol (HCP)
URL validation. A potential attacker could exploit the vulnerability by
constructing a malicious HCP URL that could potentially allow remote code
execution if a user visited a malicious Web site or viewed a malicious email
message.

VENDOR RESPONSEMicrosoft has released bulletin
MS04-015, "Vulnerability in Help and Support Center
Could Allow Remote Code Execution" (840374), to address this vulnerability
and recommends that affected users immediately apply the appropriate patch
listed in the bulletin.